﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.IO;
using System.Text;
using System.Security.Cryptography;
using System.Threading;
using DataLayer.Model;
using DataLayer;
using FitbitManager.Subscripters;

namespace SubcriptionEndpoint
{
    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Request.HttpMethod == "POST")
            {
                try
                {
                    string filePath = "";
                    do
                    {
                        filePath = LogManager.logSubPath + new Random().Next() + ".txt";
                    } while (File.Exists(filePath));

                    Request.SaveAs(filePath, true);

                    using (var sr = new StreamReader(Request.InputStream))
                    {
                        string responseText = sr.ReadToEnd();

                        /*TODO: CHECK SIGNATURE (SECURITY)
                         * 
                         * Update notifications are signed using your OAuth client secret using the standard HMAC-SHA1 generation method and placed in the X-Fitbit-Signature HTTP header. 
                         * The signature is first BASE64 encoded and then URL encoded, as with the OAuth signature.
                         * To verify the incoming signature, you compute an expected signature from the XML or JSON contents of the "updates" request entity using your OAuth client secret
                         * and a null OAuth access token secret (in this case the key for the HMAC-SHA1 method should be the "consumer_secret&" – consumer secret concatenated with the "&" symbol).
                         * No headers or request parameters are included in the signature.
                         * 
                         * Signature verification is optional, but recommended.
                         * 
                         * If signature verification fails, you MUST nevertheless return the same success code you would if the signature had been valid and you were able to parse and act upon all
                         * messages in the notification. We recommend that you log the remote IP of the host sending the incorrect signature, as well as the incoming signature and incoming message content.
                         * We also ask that you send us copies of this information.
                         * 
                         */

                        ConsumerManager updater = new ConsumerManager();
                        updater.UpdateFitbitDataReceived(responseText);
                    }
                }
                catch (Exception ex)
                {
                    LogManager.AddLogAlert("EXCEPTION: " + ex.Message + " StackTrace: " + ex.StackTrace);
                }
            }
            else
            {
                LogManager.AddLogAlert("ERROR: " + Request.HttpMethod + " request received from address: " + Request.UserHostAddress + " (" + Request.UserHostName + ")");
            }
        }
    }
}
